Just wondering, in the university where I work, students are due to send in payment for university halls of residence. I’ve been told to ask students paying by credit card to only fax us their credit card details as the safest method out of phone, fax, email and post.
Is it really the safest means of transmitting CC details to our office? The students are all from Europe and all their information usually reaches us in fairly anonymous envelopes, nothing to indicate that payment of any sort is included within. I can remember briefly reading in a PC magazine a while ago that faxes can be easily intercepted too if someone wants to.
Email is definitely not secure and is probably the most likely of all the methods to be intercepted and abused, unless you’re sending it end-to-end within (something like) a corporate LAN/WAN that is known to be highly secure.
Any of the other methods can be intercepted - it’s just a question of how likely; fax is probably least likely to suffer interception, after that, phone (if it’s land lines all the way).
I’d agree with Mangetout.
Fax is pretty unlikely to get intercepted, although it is technically feasible.
I have had credit cards stolen from the US mail, but actually I’ve never had any mail intercepted that didn’t have a credit card in it.
In defense of the US mail, my credit card mail was stolen INSIDE of a campus post office operated by my university, not in a USPS post office.
Thought of using public key encryption to let students e-mail their data to you? The necessary software is cheap (PGP, one of the most widely used products, is free for non-commercial use, and the commercial licenses aren’t expensive), easy to use for both sender and recipient, and ought to be sufficiently secure to keep out non-governmental hackers (i.e. hackers without access to multi-million dollar supercomputers).
Well its not their cards, just the card number on a slip of paper. I was wondering how likely it was that any envelope addressed to our office would be lost or intercepted within European mail systems.
Just a thought when I remembered all the times orders were sent off to catalogues from home with numbers on them.
You obviously haven’t dealt with students. The vast majority aren’t likely to want to install software and a good subset of that won’t know how to set it up even if they installed it.
Why doesn’t someone set up a secure website for payments? All you should need is a bare-bones “shopping cart” order system and the attending https / ssl setup.
Heck, even PayPal would work for this - a benefit for you is you don’t ever get the person’s credit card info, or even know what kind of card they used. You just get money in your account. This alone makes it arguably more secure than any method of delivering credit card info to the office.
Credit Card Loss or Fraudulent Charges (FCBA). Your maximum liability under federal law for unauthorized use of your credit card is $50. If you report the loss before your credit cards are used, the FCBA says the card issuer cannot hold you responsible for any unauthorized charges. If a thief uses your cards before you report them missing, the most you will owe for unauthorized charges is $50 per card. Also, if the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use.
Another vote for a webpage system or Paypal. This requires no special effort at all for the students, since all major browsers have the security systems built in, and a computer with a Web browser is much more accessible to most folks than a fax machine. Electronic solutions also have the huge advantage that no human (aside from the card owner, of course) need ever see the credit card number at all, and you don’t need to worry about properly disposing of your waste paper.
Thanks for the suggestions, paper work would be something we could do with less of in the office.
It would be an interesting idea to have secure payment online, I’m not sure how many people would accept it as secure though, even though I use it all the time over EBay
‘Land lines’ in my post (inaccurately)meaning ordinary telephony over copper or fibre (or even microwave beam or satellite uplink, really), as opposed to, say, analogue cellphone - where ‘tapping’ involves a fairly ordinary radio receiver.
